Skip to content

Commit

Permalink
[UDP] auth_api_key: Update description for reason to keep this module
Browse files Browse the repository at this point in the history
  • Loading branch information
thienvh332 committed Oct 10, 2024
1 parent f7d6ce1 commit 6327e96
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions auth_api_key/readme/DESCRIPTION.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,11 @@ from known sources.

For unknown sources, it is a good practice to filter out this header at
proxy level.

Although odoo has allowed users to authenticate `XMLRPC/JSONRPC` calls using their API key instead of a password by native API keys (`res.users.apikey`). But `auth_api_key` still has some special features of its own such as:

- API keys remain usable even when the user is inactive (e.g., for system users in a shopinvader case).
- Supports dual authentication via Basic Auth and API_KEY in separate HTTP headers.
- Admins can manage API keys for users.

Given these advantages, particularly in use case like system user authentication, we have decided to keep the `auth_api_key` module

0 comments on commit 6327e96

Please sign in to comment.